** Changed in: ruby-gnome2 (Gentoo Linux)
   Importance: Unknown => Medium

--
You received this bug notification because you are subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/175827

Title:
  [ruby-gnome2] [CVE-2007-6183] improper input sanitizing / format string vulnerability

Status in “ruby-gnome2” package in Ubuntu: Fix Released
Status in “ruby-gnome2” source package in Dapper: Triaged
Status in “ruby-gnome2” source package in Edgy: Won't Fix
Status in “ruby-gnome2” source package in Feisty: Won't Fix
Status in “ruby-gnome2” source package in Gutsy: Won't Fix
Status in “ruby-gnome2” source package in Hardy: Fix Released
Status in “ruby-gnome2” package in Debian: Fix Released
Status in “ruby-gnome2” package in Fedora: Fix Released
Status in “ruby-gnome2” package in Gentoo Linux: Fix Released

Bug description:
  Binary package hint: ruby-gnome2

  References:
  DSA-1431-1 (http://www.debian.org/security/2007/dsa-1431)

  Quoting DSA-1431-1:
  "It was discovered that ruby-gnome2, GNOME-related bindings for the Ruby language, didn't properly sanitize input prior to constructing dialogs. This could allow for the execution of arbitrary code if untrusted input is displayed within a dialog."

  Quoting CVE-2007-6183:
  "Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter."
